Projects Reboot 2012 - OWASP Eliminate Vulnerable Code
1) Project name: Eliminate Vulnerable Code Project
2) Description: Eliminate Vulnerable Code Project is geared at identifying and removing vulnerable code samples from the public domain. The project has 4 main areas of interest:
i) Internet Web Forums
ii) Educational Institutions
iii) Printed Materials
iv) Open source software
3) Project Team Leader: Waqas Nazir. We already have about 15 contributors for the project.
4) Reboot type: Type 1
5) Goals of the reboot: The goals for the reboot are divided into the following main areas:
i) Internet Web Forums: The Evc Probe scanner needs more rules so that it can scan code in other development languages. Currently it looks only for a small set of issues in .NET and Java code. The hope is to add 50 more checks.
ii) Educational Institutions: Work with at least two educational institutions to review their software development curriculums to identify any insecure code being used to teach developers.
iii) Printed Materials: Review at least one software development book to identify any insecure code being used as references.
iv) Open source software: Identify 1 high-impact open source software project on which to begin static analysis and manual review with the help of OWASP members.
v) Prime sponsor: List OWASP as a prime sponsor on [2]
6) Timeline: The timeline for the aforementioned goals is as follows:
i) Internet Web Forums:
50 % milestone = 25 new checks (August 30th, 2012).
100 % milestone = 50 new checks (September 15th, 2012).
ii) Educational Institutions:
50 % milestone = work with and complete analysis of first curriculum
100 % milestone = work with and complete analysis of second curriculum
iii) Printed Materials:
100 % milestone = Identify and work on one software development book to identify insecure code being used as reference.
iv) Open source software:
50 % milestone = Identify 1 high-impact open source software project for review and create the review team with OWASP leaders (August 15th, 2012).
100 % milestone = Document and complete initial analysis (September 30th, 2012)
v) Prime sponsor:
100 % milestone = List OWASP as a prime sponsor on https://evc.digitsec.com/sponsor.aspx
7) Budget:
USD 10 K for prime sponsorship of EVC Project.
Sponsorship benefits are listed here: [3]
25 % of the funds will go for developing new checks for the Evc Probe scanner.
50 % of the funds will go for the development of the review process for educational institutions, printed materials, and open source software.
25 % will go towards organizing the reviews and co-ordination of the review activities.